Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(feature): add skip-tls-verify option for image sources #201

Merged
merged 2 commits into from
Oct 26, 2023
Merged

(feature): add skip-tls-verify option for image sources #201

merged 2 commits into from
Oct 26, 2023

Conversation

everettraven
Copy link
Collaborator

@everettraven everettraven commented Oct 25, 2023
edited
Loading

Description

  • Adds an skipTLSVerify field to the image source type to allow users to specify that a catalog is being sourced from an insecure registry. When setting skipTLSVerify: true, catalogd will skip TLS verification when pulling the catalog image.
  • Removes trusted certificate injection for e2e tests

Motivation

  • Provide a method to disable TLS verification to simplify local testing of catalog images

@everettraven everettraven requested a review from a team as a code owner October 25, 2023 20:02
@codecov
Copy link

codecov bot commented Oct 25, 2023
edited
Loading

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (e078853) 39.70% compared to head (d798110) 40.04%.

❗ Current head d798110 differs from pull request most recent head 6e9a118. Consider uploading reports for the commit 6e9a118 to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #201      +/-   ##
==========================================
+ Coverage   39.70%   40.04%   +0.33%     
==========================================
  Files           8        8              
  Lines         471      477       +6     
==========================================
+ Hits          187      191       +4     
- Misses        265      266       +1     
- Partials       19       20       +1
Files Coverage Δ
api/core/v1alpha1/catalog_types.go 100.00% <ø> (ø)
internal/source/image_registry_client.go 67.04% <66.66%> (-0.03%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@anik120
Copy link
Collaborator

anik120 commented Oct 25, 2023

What if we used an environment variable instead? We'll read the environment variable from the binary and set a skipTLSInsecureSkipVerify field for ImageRegistry accordingly.

@everettraven everettraven changed the title (feature): add an insecure option for image sources (feature): add skip-tls-verify option for image sources Oct 26, 2023
@everettraven
Copy link
Collaborator Author

What if we used an environment variable instead? We'll read the environment variable from the binary and set a skipTLSInsecureSkipVerify field for ImageRegistry accordingly.

This would disable TLS verification for all image registries which I'm not sure is desirable. The current state of this PR gives the flexibility to disable TLS verification on a per catalog basis. This would also require modification to the catalogd controller-manager deployment which the current PR does not require. I'm happy to continue this discussion further but, IMO, the current state of the PR is more desirable than a global disable TLS verification option.

@anik120
Copy link
Collaborator

anik120 commented Oct 26, 2023

Okay I'm good with this PR I'll leave it upto @joelanford to hit the merge button

@everettraven
(feature): add skip-tls-verify option for image sources
d798110 
Signed-off-by: Bryce Palmer <everettraven@gmail.com>
@everettraven
re-generate manifests
6e9a118 
Signed-off-by: Bryce Palmer <everettraven@gmail.com>
@joelanford joelanford added this pull request to the merge queue Oct 26, 2023
Merged via the queue into operator-framework:main with commit 7dcfe53 Oct 26, 2023
8 checks passed
@anik120 anik120 added this to the v0.9.0 milestone Oct 27, 2023
@everettraven everettraven mentioned this pull request Nov 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncdc ncdc ncdc left review comments

@anik120 anik120 anik120 approved these changes

@joelanford joelanford joelanford approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.9.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@everettraven @anik120 @ncdc @joelanford